<?php
/*
YHM (Your Hosting Manager) - Copyright 2010 All Rights Reserved. - YHM Group
Released under the Simplified BSD Licence.

Website: http://yhm.co.uk
Licence: http://yhm.co.uk/about/#licence

file: admin/kb.php
author: Kieran D. (Polarbear541)
*/

//Init Includes, Sessions and Page Info
// Bootstrap: shared helpers/config first, then the session the admin check reads.
require_once '../global.php';
session_start();

// Only authenticated admins may reach the rest of this page (defined in global.php).
checklogin_admin();

// Values consumed by the shared header/footer templates included further down.
$username = $_SESSION['user_name'];
$page     = 'kb';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>YHM - Admin CP - Knowledgebase</title>
<meta http-equiv="Content-Language" content="English" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="../style.css" media="screen" />
</head>
<body>

<?php include './header.php'; // shared admin header (reads $username / $page) ?>

<div id="content">

	<h2>Knowledgebase Articles - <a href='./kb.php?action=create'>Create</a></h2>

	<?php

	//Assign Variables
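	// ---------------------------------------------------------------------
	// Page-local helpers.
	// NOTE(review): this page relies on the legacy mysql_* extension (removed
	// in PHP 7.0) and on a connection opened by ../global.php. The real fix is
	// a port to PDO/mysqli with prepared statements; the helpers below only
	// centralise the escaping and checks the page already depends on.
	// ---------------------------------------------------------------------

	/**
	 * Run a query on the connection opened by global.php, or stop the page
	 * with the MySQL error (the page's existing failure style).
	 *
	 * @param string $sql  Fully built SQL string (values already escaped).
	 * @return resource|bool  mysql_query() result.
	 */
	function kb_page_query($sql)
	{
		$result = mysql_query($sql);
		if ($result === false)
		{
			die("Error: Query Failed" . mysql_error());
		}
		return $result;
	}

	/**
	 * Escape a value for interpolation into HTML text or a quoted attribute.
	 * Escaping happens at output time only; stored content stays raw.
	 */
	function kb_page_html($value)
	{
		return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
	}

	/**
	 * Per-session anti-CSRF token, created on first use.
	 * session_start() runs at the top of this file, so $_SESSION is live here.
	 */
	function kb_page_csrf_token()
	{
		if (empty($_SESSION['kb_csrf_token']))
		{
			// random_bytes() is PHP 7+; older installs fall back to OpenSSL's CSPRNG.
			$raw = function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16);
			$_SESSION['kb_csrf_token'] = bin2hex($raw);
		}
		return $_SESSION['kb_csrf_token'];
	}

	/**
	 * Stop the page unless the submitted token matches the session token.
	 * Used by every action that changes data (do_create, do_edit, delete).
	 *
	 * @param mixed $submitted  Raw value from the request, or null.
	 */
	function kb_page_require_csrf($submitted)
	{
		$submitted = is_string($submitted) ? $submitted : '';
		// hash_equals(): constant-time comparison (PHP >= 5.6).
		if (!hash_equals(kb_page_csrf_token(), $submitted))
		{
			die("Invalid or missing form token.<br /><br /><a href='./kb.php'>Click here to go back</a><br />");
		}
	}

	//Assign Variables
	// isset() guards avoid "undefined index" notices when a parameter is absent;
	// intval() keeps $id a plain integer before it is interpolated into SQL.
	$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
	if (isset($_POST['id']))
	{
		// The delete form (rendered in the listing below) posts the id.
		$id = intval($_POST['id']);
	}
	$action = isset($_GET['action']) ? $_GET['action'] : '';

	// Hidden field carrying the session token, embedded in every mutating form.
	$token      = kb_page_csrf_token();
	$tokenField = "<input type='hidden' name='token' value='" . kb_page_html($token) . "' />";

	if ($action == "create")
	{
		echo "<form action='./kb.php?action=do_create' method='POST'>$tokenField<br />
		Title: <br /><input type='text' name='title' /><br /><br />
		Content: <br /><textarea name='content' id='content' style='width:60%;height:100px;'></textarea><br /><br />
		<input type='submit' value='Submit'></form><br />";
	}

	elseif ($action == "do_create")
	{
		kb_page_require_csrf(isset($_POST['token']) ? $_POST['token'] : null);

		// Validate the raw text and escape only at the point of use (SQL when
		// storing, HTML when displaying). The previous version escaped for both
		// before storing, so every edit re-encoded the stored entities.
		$title   = isset($_POST['title'])   ? trim($_POST['title'])   : '';
		$content = isset($_POST['content']) ? trim($_POST['content']) : '';

		// Strict comparison: empty() would also reject a legitimate "0".
		if ($title === '' || $content === '')
		{
			echo "Please fill in all the fields!<br />";
			echo "<a href='./kb.php?action=create'>Click here to go back</a><br />";
		}

		else
		{
			$sqlTitle   = mysql_real_escape_string($title);
			$sqlContent = mysql_real_escape_string($content);
			kb_page_query("INSERT INTO ".TABLE_PREFIX."knowledgebase (id, title, content) VALUES (NULL, '$sqlTitle', '$sqlContent')");

			echo "Article created successfully! <br />";
			echo "<a href='./kb.php'>Click here to go back if not redirected</a><br />";
			redirect("./kb.php", 2);
		}
	}

	elseif ($action == "edit")
	{
		// Check the id before querying (the original queried first, then tested).
		if ($id <= 0)
		{
			die("Please specify a knowledgebase id to edit!<br /><br /><a href='./kb.php'>Click here to go back</a><br />");
		}

		// Existence is decided by the knowledgebase table itself; the original
		// compared $id against MAX(id) of the users table, which is unrelated.
		$result = kb_page_query("SELECT * FROM ".TABLE_PREFIX."knowledgebase WHERE id='$id'");
		$row    = mysql_fetch_array($result);
		if ($row === false)
		{
			die("The knowledgebase article you requested does not exist.<br /><br /><a href='./kb.php'>Click here to go back</a><br />");
		}

		// NOTE(review): rows saved by the previous version of this page were
		// stored HTML-encoded; they will show their entities literally until
		// re-saved through this form.
		$safeTitle   = kb_page_html($row['title']);
		$safeContent = kb_page_html($row['content']);

		echo "<form action='./kb.php?action=do_edit&amp;id=$id' method='POST'>$tokenField<br />
		Title: <br /><input type='text' name='title' value='$safeTitle' /><br /><br />
		Content: <br /><textarea name='content' style='width:60%;height:100px;'>$safeContent</textarea><br /><br />
		<center><input type='submit' value='Submit'></center></form>";
	}

	elseif ($action == "do_edit")
	{
		kb_page_require_csrf(isset($_POST['token']) ? $_POST['token'] : null);

		// Without this the UPDATE below would silently match no row for id 0.
		if ($id <= 0)
		{
			die("Please specify a knowledgebase id to edit!<br /><br /><a href='./kb.php'>Click here to go back</a><br />");
		}

		$title   = isset($_POST['title'])   ? trim($_POST['title'])   : '';
		$content = isset($_POST['content']) ? trim($_POST['content']) : '';

		if ($title === '' || $content === '')
		{
			echo "Please fill in all the fields!";
			// Link previously pointed at ./kb (no .php extension).
			echo "<br /><a href='./kb.php?action=edit&amp;id=$id'>Click here to go back</a>";
		}

		else
		{
			$sqlTitle   = mysql_real_escape_string($title);
			$sqlContent = mysql_real_escape_string($content);
			kb_page_query("UPDATE ".TABLE_PREFIX."knowledgebase SET title='$sqlTitle', content='$sqlContent' WHERE id='$id'");
			echo "Article edited successfully! <br />";
			echo "<a href='./kb.php'>Click here to go back if not redirected</a><br />";
			redirect("./kb.php", 2);
		}
	}

	elseif ($action == "delete") //If deleting do query
	{
		// Deletion is accepted only as a POST carrying the session token (the
		// listing renders a small form per article), so a plain link or image
		// tag on another site cannot remove articles on an admin's behalf.
		if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST')
		{
			die("Articles can only be deleted from the article list.<br /><br /><a href='./kb.php'>Click here to go back</a><br />");
		}
		kb_page_require_csrf(isset($_POST['token']) ? $_POST['token'] : null);

		if ($id <= 0)
		{
			die("Please specify a knowledgebase id to delete!<br /><br /><a href='./kb.php'>Click here to go back</a><br />");
		}

		kb_page_query("DELETE FROM ".TABLE_PREFIX."knowledgebase WHERE id='$id'");
		echo "Article deleted successfully! <br />";
		echo "<a href='./kb.php'>Click here to go back if not redirected</a><br />";
		redirect("./kb.php", 2);
	}

	else //If not editing or deleting then show all
	{
		//Query to run (failure now stops the page instead of warning in mysql_num_rows)
		$result = kb_page_query("SELECT * FROM ".TABLE_PREFIX."knowledgebase ORDER BY id DESC");

		if (mysql_num_rows($result) == 0)
		{
			echo "- No Knowledgebase Articles to display -";
		}

		//Display Articles: titles are escaped for HTML, ids cast to int for the links.
		while ($row = mysql_fetch_array($result))
		{
			$rowId = intval($row['id']);
			echo "<h3>" . kb_page_html($row['title']) . "</h3>";
			echo "<a href='./kb.php?action=edit&amp;id=$rowId'>Edit</a> | "
				. "<form action='./kb.php?action=delete' method='POST' style='display:inline'>"
				. "<input type='hidden' name='id' value='$rowId' />$tokenField"
				. "<input type='submit' value='Delete' /></form><br />";
		}
	}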

	?>
	
	<?php include '../footer.php'; // shared site footer ?>

</div>
</body>
</html>